aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/account.php37
-rw-r--r--include/auth.php81
-rw-r--r--include/conversation.php50
-rw-r--r--include/crypto.php2
-rw-r--r--include/identity.php102
-rwxr-xr-xinclude/items.php1
-rw-r--r--include/notifier.php19
-rw-r--r--include/text.php2
-rw-r--r--include/user.php10
-rw-r--r--include/zot.php37
10 files changed, 163 insertions, 178 deletions
diff --git a/include/account.php b/include/account.php
index fe0be87bc..e08b129f3 100644
--- a/include/account.php
+++ b/include/account.php
@@ -102,7 +102,6 @@ function create_account($arr) {
return $result;
}
-
$email_result = check_account_email($email);
if($email_result['error']) {
@@ -142,7 +141,7 @@ function create_account($arr) {
return($result);
}
- $r = q("select * from account where account_email = '%s' and password = '%s' limit 1",
+ $r = q("select * from account where account_email = '%s' and account_password = '%s' limit 1",
dbesc($email),
dbesc($password_encoded)
);
@@ -153,34 +152,26 @@ function create_account($arr) {
logger('create_account: could not retrieve newly created account');
}
- $result['success'] = true;
+ // Set the parent record to the current record_id if no parent was provided
+
+ if(! $parent) {
+ $r = q("update account set account_parent = %d where account_id = %d limit 1",
+ intval($result['account']['account_id']),
+ intval($result['account']['account_id'])
+ );
+ if(! $r) {
+ logger('create_account: failed to set parent');
+ }
+ $result['account']['parent'] = $result['account']['account_id'];
+ }
+ $result['success'] = true;
$result['email'] = $email;
$result['password'] = $password;
return $result;
}
-/**
- * Verify login credentials
- *
- * Returns account record on success, null on failure
- *
- */
-
-function account_verify_password($email,$pass) {
- $r = q("select * from account where email = '%s'",
- dbesc($email)
- );
- if(! ($r && count($r)))
- return null;
- foreach($r as $record) {
- if(hash('whirlpool',$record['account_salt'] . $pass) === $record['account_password']) {
- return $record;
- }
- }
- return null;
-}
function send_reg_approval_email($arr) {
diff --git a/include/auth.php b/include/auth.php
index cba6a67a7..4dfe74472 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -20,12 +20,36 @@ function nuke_session() {
unset($_SESSION['page_flags']);
}
+/**
+ * Verify login credentials
+ *
+ * Returns account record on success, null on failure
+ *
+ */
+
+function account_verify_password($email,$pass) {
+ $r = q("select * from account where account_email = '%s'",
+ dbesc($email)
+ );
+ if(! ($r && count($r)))
+ return null;
+ foreach($r as $record) {
+ if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)
+ && (hash('whirlpool',$record['account_salt'] . $pass) === $record['account_password'])) {
+ return $record;
+ }
+ }
+ return null;
+}
+
// login/logout
+
+
if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-params'))) || ($_POST['auth-params'] !== 'login'))) {
if(((x($_POST,'auth-params')) && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) {
@@ -59,6 +83,14 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
goaway(z_root());
}
+ $r = q("select * from account where account_id = %d limit 1",
+ intval($_SESSION['account_id'])
+ );
+ if(count($r) && (($r[0]['account_flags'] == ACCOUNT_OK) || ($r[0]['account_flags'] == ACCOUNT_UNVERIFIED)))
+ get_app()->account = $r[0];
+ else
+ $_SESSION['account_id'] = 0;
+
$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey`
FROM `user` WHERE `uid` = %d AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
intval($_SESSION['uid'])
@@ -80,43 +112,6 @@ else {
if((x($_POST,'password')) && strlen($_POST['password']))
$encrypted = hash('whirlpool',trim($_POST['password']));
- else {
- if((x($_POST,'openid_url')) && strlen($_POST['openid_url']) ||
- (x($_POST,'username')) && strlen($_POST['username'])) {
-
- $noid = get_config('system','no_openid');
-
- $openid_url = trim((strlen($_POST['openid_url'])?$_POST['openid_url']:$_POST['username']) );
-
- // validate_url alters the calling parameter
-
- $temp_string = $openid_url;
-
- // if it's an email address or doesn't resolve to a URL, fail.
-
- if(($noid) || (strpos($temp_string,'@')) || (! validate_url($temp_string))) {
- $a = get_app();
- notice( t('Login failed.') . EOL);
- goaway(z_root());
- // NOTREACHED
- }
-
- // Otherwise it's probably an openid.
-
- try {
- require_once('library/openid.php');
- $openid = new LightOpenID;
- $openid->identity = $openid_url;
- $_SESSION['openid'] = $openid_url;
- $a = get_app();
- $openid->returnUrl = $a->get_baseurl(true) . '/openid';
- goaway($openid->authUrl());
- } catch (Exception $e) {
- notice( t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.').'<br /><br >'. t('The error message was:').' '.$e->getMessage());
- }
- // NOTREACHED
- }
- }
if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') {
@@ -144,6 +139,18 @@ else {
}
else {
+ get_app()->account = account_verify_password($_POST['username'],$_POST['password']);
+
+ if(get_app()->account) {
+ $_SESSION['account_id'] = get_app()->account['account_id'];
+ }
+ else {
+ notice( t('Failed authentication') . EOL);
+ }
+
+ logger('authenticate: ' . print_r(get_app()->account,true));
+
+
// process normal login request
$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey`
diff --git a/include/conversation.php b/include/conversation.php
index 59f2f2ed8..7f0edc5de 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -344,12 +344,6 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr
$total_children = $nb_items;
foreach($items as $item) {
- // prevent private email reply to public conversation from leaking.
- if($item['network'] === NETWORK_MAIL && local_user() != $item['uid']) {
- // Don't count it as a visible item
- $nb_items--;
- continue;
- }
if($item['verb'] === ACTIVITY_LIKE || $item['verb'] === ACTIVITY_DISLIKE) {
$nb_items --;
@@ -406,15 +400,13 @@ function prepare_threads_body($a, $items, $cmnt_tpl, $page_writeable, $mode, $pr
$sp = false;
$profile_link = best_link_url($item,$sp);
- if($profile_link === 'mailbox')
- $profile_link = '';
if($sp)
$sparkle = ' sparkle';
else
$profile_link = zrl($profile_link);
$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
- if(($normalised != 'mailbox') && (x($a->contacts,$normalised)))
+ if(x($a->contacts,$normalised))
$profile_avatar = $a->contacts[$normalised]['thumb'];
else
$profile_avatar = (((strlen($item['author-avatar'])) && $diff_author) ? $item['author-avatar'] : $a->get_cached_avatar_image($thumb));
@@ -762,10 +754,6 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') {
else
$nickname = $a->user['nickname'];
- // prevent private email from leaking.
- if($item['network'] === NETWORK_MAIL && local_user() != $item['uid'])
- continue;
-
$profile_name = ((strlen($item['author-name'])) ? $item['author-name'] : $item['name']);
if($item['author-link'] && (! $item['author-name']))
$profile_name = $item['author-link'];
@@ -774,15 +762,13 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') {
$sp = false;
$profile_link = best_link_url($item,$sp);
- if($profile_link === 'mailbox')
- $profile_link = '';
if($sp)
$sparkle = ' sparkle';
else
$profile_link = zrl($profile_link);
$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
- if(($normalised != 'mailbox') && (x($a->contacts[$normalised])))
+ if(x($a->contacts,$normalised))
$profile_avatar = $a->contacts[$normalised]['thumb'];
else
$profile_avatar = ((strlen($item['author-avatar'])) ? $a->get_cached_avatar_image($item['author-avatar']) : $item['thumb']);
@@ -955,10 +941,6 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') {
}
else {
- // prevent private email reply to public conversation from leaking.
- if($item['network'] === NETWORK_MAIL && local_user() != $item['uid'])
- continue;
-
$comments_seen ++;
$comment_lastcollapsed = false;
$comment_firstcollapsed = false;
@@ -1146,15 +1128,13 @@ function conversation(&$a, $items, $mode, $update, $page_mode = 'traditional') {
$sp = false;
$profile_link = best_link_url($item,$sp);
- if($profile_link === 'mailbox')
- $profile_link = '';
if($sp)
$sparkle = ' sparkle';
else
$profile_link = zrl($profile_link);
$normalised = normalise_link((strlen($item['author-link'])) ? $item['author-link'] : $item['url']);
- if(($normalised != 'mailbox') && (x($a->contacts,$normalised)))
+ if(x($a->contacts,$normalised))
$profile_avatar = $a->contacts[$normalised]['thumb'];
else
$profile_avatar = (((strlen($item['author-avatar'])) && $diff_author) ? $item['author-avatar'] : $a->get_cached_avatar_image($thumb));
@@ -1346,8 +1326,6 @@ function item_photo_menu($item){
$sparkle = false;
$profile_link = best_link_url($item,$sparkle,$ssl_state);
- if($profile_link === 'mailbox')
- $profile_link = '';
if($sparkle) {
$cid = intval(basename($profile_link));
@@ -1504,27 +1482,6 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) {
$jotplugins = '';
$jotnets = '';
- $mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1);
-
- $mail_enabled = false;
- $pubmail_enabled = false;
-
- if(($x['is_owner']) && (! $mail_disabled)) {
- $r = q("SELECT * FROM `mailacct` WHERE `uid` = %d AND `server` != '' LIMIT 1",
- intval(local_user())
- );
- if(count($r)) {
- $mail_enabled = true;
- if(intval($r[0]['pubmail']))
- $pubmail_enabled = true;
- }
- }
-
- if($mail_enabled) {
- $selected = (($pubmail_enabled) ? ' checked="checked" ' : '');
- $jotnets .= '<div class="profile-jot-net"><input type="checkbox" name="pubmail_enable"' . $selected . ' value="1" /> ' . t("Post to Email") . '</div>';
- }
-
call_hooks('jot_tool', $jotplugins);
call_hooks('jot_networks', $jotnets);
@@ -1565,7 +1522,6 @@ function status_editor($a,$x, $notes_cid = 0, $popup=false) {
'$defloc' => $x['default_location'],
'$visitor' => $x['visitor'],
'$pvisit' => (($notes_cid) ? 'none' : $x['visitor']),
- '$emailcc' => t('CC: email addresses'),
'$public' => t('Public post'),
'$jotnets' => $jotnets,
'$emtitle' => t('Example: bob@example.com, mary@example.com'),
diff --git a/include/crypto.php b/include/crypto.php
index 4c6f9a2ae..f6ba2ed83 100644
--- a/include/crypto.php
+++ b/include/crypto.php
@@ -3,8 +3,6 @@
require_once('library/ASNValue.class.php');
require_once('library/asn1.php');
-// supported algorithms are 'sha256', 'sha1'
-
function rsa_sign($data,$key,$alg = 'sha256') {
$sig = '';
diff --git a/include/identity.php b/include/identity.php
index 1e450869a..9b8065f6f 100644
--- a/include/identity.php
+++ b/include/identity.php
@@ -3,11 +3,44 @@
require_once('include/zot.php');
require_once('include/crypto.php');
+
+function identity_check_service_class($account_id) {
+ $ret = array('success' => false, $message => '');
+
+ $r = q("select count(entity_id) as total from entity were entity_account_id = %d ",
+ intval($account_id)
+ );
+ if(! ($r && count($r))) {
+ $ret['message'] = t('Unable to obtain identity information from database');
+ return $ret;
+ }
+
+ if(! service_class_allows($account_id,'total_identities',$r[0]['total'])) {
+ $result['message'] .= upgrade_message();
+ return $result;
+ }
+
+ $ret['success'] = true;
+ return $ret;
+}
+
+
+// Required: name, nickname, account_id
+
+// optional: pageflags
+
function create_identity($arr) {
- $ret = array('success' => false, 'message' => '');
- $nick = trim($_POST['nickname']);
- $name = escape_tags($_POST['name']);
+ $ret = array('success' => false);
+
+ if(! $arr['account_id']) {
+ $ret['message'] = t('No account identifier');
+ return $ret;
+ }
+
+ $nick = trim($arr['nickname']);
+ $name = escape_tags($arr['name']);
+ $pageflags = ((x($arr,'pageflags')) ? intval($arr['pageflags']) : PAGE_NORMAL);
if(check_webbie(array($nick)) !== $nick) {
$ret['message'] = t('Nickname has unsupported characters or is already being used on this site.');
@@ -24,7 +57,7 @@ function create_identity($arr) {
entity_pubkey, entity_pageflags )
values ( %d, %d, '%s', '%s', '%s', '%s', '%s', %d ) ",
- intval(local_user()),
+ intval($arr['account_id']),
intval($primary),
dbesc($name),
dbesc($nick),
@@ -36,44 +69,53 @@ function create_identity($arr) {
$r = q("select * from entity where entity_account_id = %d
and entity_global_id = '%s' limit 1",
- intval(local_user()),
+ intval($arr['account_id']),
dbesc($guid)
);
+
if(! ($r && count($r))) {
$ret['message'] = t('Unable to retrieve created identity');
return $ret;
}
+
$ret['entity'] = $r[0];
+
+ set_default_login_identity($arr['account_id'],$ret['entity']['entity_id'],false);
+
+ // Create a verified hub location pointing to this site.
+
+ $r = q("insert into hubloc ( hubloc_guid, hubloc_guid_sig, hubloc_flags,
+ hubloc_url, hubloc_url_sig, hubloc_callback, hubloc_sitekey )
+ values ( '%s', '%s', %d, '%s', '%s', '%s', '%s' )",
+ dbesc($ret['entity']['entity_global_id']),
+ dbesc(base64url_encode(rsa_sign($ret['entity']['entity_global_id'],$ret['entity']['entity_prvkey']))),
+ intval(($primary) ? HUBLOC_FLAGS_PRIMARY : 0),
+ dbesc(z_root()),
+ dbesc(base64url_encode(rsa_sign(z_root(),$ret['entity']['entity_prvkey']))),
+ dbesc(z_root() . '/post'),
+ dbesc(get_config('system','pubkey'))
+ );
+ if(! $r)
+ logger('create_identity: Unable to store hub location');
+
+
$ret['success'] = true;
return $ret;
}
+// set default identity for account_id to identity_id
+// if $force is false only do this if there is no current default
-
-
-
-
-class simple_identity {
-
- private $identity_uid;
- private $identity_name;
- private $identity_url;
- private $identity_photo;
-
- function __construct($uid = '',$name = '',$url = '',$photo = '') {
- $this->identity_uid = $uid;
- $this->identity_name = $name;
- $this->identity_url = $url;
- $this->identity_photo = $photo;
- }
-
- function to_array() {
- return array(
- 'zuid' => $this->identity_uid,
- 'name' => $this->identity_name,
- 'url' => $this->identity_url,
- 'photo' => $this->identity_photo
+function set_default_login_identity($account_id,$entity_id,$force = true) {
+ $r = q("select account_default_entity from account where account_id = %d limit 1",
+ intval($account_id)
+ );
+ if(($r) && (count($r)) && ((! intval($r[0]['account_default_entity'])) || $force)) {
+ $r = q("update account set account_default_entity = %d where account_id = %d limit 1",
+ intval($entity_id),
+ intval($account_id)
);
}
-} \ No newline at end of file
+}
+
diff --git a/include/items.php b/include/items.php
index bb053434d..f3e549e2b 100755
--- a/include/items.php
+++ b/include/items.php
@@ -3338,7 +3338,6 @@ function fix_private_photos($s, $uid, $item = null, $cid = 0) {
// Only embed locally hosted photos
$replace = false;
$i = basename($image);
- $i = str_replace(array('.jpg','.png'),array('',''),$i);
$x = strpos($i,'-');
if($x) {
diff --git a/include/notifier.php b/include/notifier.php
index 27f178fe0..6bc0d98b3 100644
--- a/include/notifier.php
+++ b/include/notifier.php
@@ -439,25 +439,6 @@ function notifier_run($argv, $argc){
logger('notifier: slaps: ' . print_r($slaps,true), LOGGER_DATA);
- // If this is a public message and pubmail is set on the parent, include all your email contacts
-
- $mail_disabled = ((function_exists('imap_open') && (! get_config('system','imap_disabled'))) ? 0 : 1);
-
- if(! $mail_disabled) {
- if((! strlen($target_item['allow_cid'])) && (! strlen($target_item['allow_gid']))
- && (! strlen($target_item['deny_cid'])) && (! strlen($target_item['deny_gid']))
- && (intval($target_item['pubmail']))) {
- $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `network` = '%s'",
- intval($uid),
- dbesc(NETWORK_MAIL)
- );
- if(count($r)) {
- foreach($r as $rr)
- $recipients[] = $rr['id'];
- }
- }
- }
-
if($followup)
$recip_str = $parent['contact-id'];
else
diff --git a/include/text.php b/include/text.php
index feafafd06..79b4bba39 100644
--- a/include/text.php
+++ b/include/text.php
@@ -1152,7 +1152,7 @@ function generate_user_guid() {
-function base64url_encode($s, $strip_padding = false) {
+function base64url_encode($s, $strip_padding = true) {
$s = strtr(base64_encode($s),'+/','-_');
diff --git a/include/user.php b/include/user.php
index 21a1e3b48..1b497a06e 100644
--- a/include/user.php
+++ b/include/user.php
@@ -219,8 +219,8 @@ function create_user($arr) {
t('default'),
1,
dbesc($username),
- dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"),
- dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"),
+ dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"),
+ dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}"),
intval($publish),
intval($netpublish)
@@ -239,9 +239,9 @@ function create_user($arr) {
datetime_convert(),
dbesc($username),
dbesc($nickname),
- dbesc($a->get_baseurl() . "/photo/profile/{$newuid}.jpg"),
- dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}.jpg"),
- dbesc($a->get_baseurl() . "/photo/micro/{$newuid}.jpg"),
+ dbesc($a->get_baseurl() . "/photo/profile/{$newuid}"),
+ dbesc($a->get_baseurl() . "/photo/avatar/{$newuid}"),
+ dbesc($a->get_baseurl() . "/photo/micro/{$newuid}"),
dbesc($a->get_baseurl() . "/profile/$nickname"),
dbesc(normalise_link($a->get_baseurl() . "/profile/$nickname")),
dbesc($a->get_baseurl() . "/dfrn_request/$nickname"),
diff --git a/include/zot.php b/include/zot.php
index 04b84900b..20ec7686d 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -2,15 +2,15 @@
/**
*
- * @function zot_new_uid($entity_id)
- * @entity_id = integer id of controlling entity
+ * @function zot_new_uid($entity_nick)
+ * @entity_id = unique nickname of controlling entity
* @returns string
*
*/
-function zot_new_uid($entity_id) {
- $rawstr = z_root() . '/' . $entity_id . '.' . mt_rand();
- return(base64url_encode(hash('whirlpool',$rawstr,true),true) . '.' . mt_rand());
+function zot_new_uid($entity_nick) {
+ $rawstr = z_root() . '/' . $entity_nick . '.' . mt_rand();
+ return(base64url_encode(hash('whirlpool',$rawstr,true),true));
}
@@ -63,7 +63,9 @@ function zot_notify($entity,$url) {
$x = z_post_url($url, array(
'type' => 'notify',
'guid' => $entity['entity_global_id'],
- 'hub' => z_root(),
+ 'guid_sig' => base64url_encode($guid,$entity['prvkey']),
+ 'hub' => z_root(),
+ 'hub_sig' => base64url_encode(z_root,$entity['prvkey']),
'callback' => '/post',
'spec' => ZOT_REVISION)
);
@@ -73,12 +75,15 @@ function zot_notify($entity,$url) {
function zot_gethub($arr) {
- if((x($arr,'hub')) && (x($arr,'guid'))) {
+ if((x($arr,'guid')) && (x($arr,'guid_sig')) && (x($arr,'hub')) && (x($arr,'hub_sig'))) {
$r = q("select * from hubloc
- where hubloc_guid = '%s' and hubloc_url = '%s'
+ where hubloc_guid = '%s' and hubloc_guid_sig = '%s'
+ and hubloc_url = '%s' and hubloc_url_sig = '%s'
limit 1",
dbesc($arr['guid']),
- dbesc($arr['hub'])
+ dbesc($arr['guid_sig']),
+ dbesc($arr['hub']),
+ dbesc($arr['hub_sig'])
);
if($r && count($r))
return $r[0];
@@ -95,13 +100,19 @@ function zot_register_hub($arr) {
if($record->hub && count($record->hub)) {
foreach($record->hub as $h) {
// store any hubs we don't know about
- if( ! zot_gethub(array('hub' => $h->url, 'guid' => $arr['guid']))) {
- $r = q("insert into hubloc (hubloc_guid, hubloc_flags, hubloc_url,
- hubloc_callback, hubloc_sitekey, hubloc_key)
- values ( '%s', %d, '%s', '%s', '%s', '%s' )",
+ if( ! zot_gethub(
+ array('guid' => $arr['guid'],
+ 'guid_sig' => $arr['guid_sig'],
+ 'hub' => $h->url,
+ 'hub_sig' => $h->url_sig))) {
+ $r = q("insert into hubloc (hubloc_guid, hubloc_guid_sig, hubloc_flags, hubloc_url,
+ hubloc_url_sig, hubloc_callback, hubloc_sitekey, hubloc_key)
+ values ( '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s' )",
dbesc($arr['guid']),
+ dbesc($arr['guid_sig']),
intval((($h->primary) ? HUBLOC_FLAGS_PRIMARY : 0) | HUBLOC_FLAGS_UNVERIFIED ),
dbesc($h->url),
+ dbesc($h->url_sig),
dbesc($h->callback),
dbesc($h->sitekey),
dbesc($record->key)